Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I create an evaluated expression based on an aggregate in the Pivot?

chustar
Path Finder
‎04-21-2015 09:51 AM

I'm currently building a report using Pivot tables. I'm trying to get my data model to look like this:

GroupName    AverageAge   AverageGrade    AverageAgeGreaterThan35
GroupA            30        90             False
GroupB            40        12             True

In this case, the AverageAgeGreaterThan35 column would be an evaluated expression.
I've tried doing this using an evaluated expression but it evaluates for each value, not the average value.
Is there a way to write the evaluated expression to support this?

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chustar
Path Finder
‎04-24-2015 02:07 PM

After reading this answer by gkanapathy (http://answers.splunk.com/answers/34208/eval-mean-something-when-data-is-split-by-another-field.html... ) I came to the solution.

What I did was use eventstats to add the average first, and then use stats and eval to build up my string. Something like this: 

* | eventstats avg(Age) as CalcAvgAvge by GroupName | stats first(eval(if(CalcAvgAvge>35, "True", "False"))) AS AverageAgeGreaterThan35, avg(Age) as AverageAge, avg(Grade) as AverageGrade by GroupName,

View solution in original post

Reply
Solved! Jump to solution
Solution

chustar
Path Finder
‎04-24-2015 02:07 PM

After reading this answer by gkanapathy (http://answers.splunk.com/answers/34208/eval-mean-something-when-data-is-split-by-another-field.html... ) I came to the solution.

What I did was use eventstats to add the average first, and then use stats and eval to build up my string. Something like this: 

* | eventstats avg(Age) as CalcAvgAvge by GroupName | stats first(eval(if(CalcAvgAvge>35, "True", "False"))) AS AverageAgeGreaterThan35, avg(Age) as AverageAge, avg(Grade) as AverageGrade by GroupName,
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...